A computer network is a collection of various devices connected together to share computer resources and communicate with each other. These devices, which can include end nodes (e.g., computer systems, printers, etc.) and network connection elements (e.g., hubs, switches, bridges, routers and gateways), interface the network through communication links. The gateways, routers, and switching hubs route data on the communication links to the other devices in the network. Industry has arranged such devices to produce numerous and diverse types of networks including wide area networks (WANs), metropolitan area networks (MANs), and local area networks (LANs). The devices on the networks communicate by transferring data in discrete quantities called packets. A packet can range from a few bits in length to several thousand, as determined by the type of network.
Managing the operation of a network involves performing various administrative and maintenance tasks, such as updating software and tracking network resources. These tasks often require communicating directly with many of the devices on the network. Ideally, such administrative access to the devices would occur during off-business hours, such as evenings and weekends, so as to minimize disruption of day-time business operations. Further, it would be advantageous if a network administrator could communicate with each device from a remote computer site. However, there is tension between this administrative convenience and the important interest of conserving electrical power. It is during these very off-business hours when some computer users might turn off the computer devices to conserve power, thereby frustrating the administrative process.
A significant problem posed by these turned-off computer devices is how to gain access in order to perform the administrative duties. Time and resources must be spent finding and reaching the physical location of each device on the network in order to locally turn on those devices. Yet even after locating the device, other complications could still conceivably prevent the administrator from accessing the device, such as finding the turned-off device behind locked office doors.
One particular approach to solving this problem is a mechanism for awakening a turned-off device from a remote computer. The remote computer sends a special packet of data, called a wake-up packet, to the turned-off device. An example of such a wake-up packet is Magic Packet™, developed by AMD®. The device is not entirely turned off, otherwise the device would be unable to detect the wake-up packet. Therefore, when the device is locally turned off by a user, the device actually continues operating, but in a sleep state. In the sleep state, a portion of the device still receives electrical power. The portion receiving the electrical power is capable of monitoring packet traffic on the network. Consequently, this portion wakes up the device upon detecting a wake-up packet appropriately addressed to the device. As a result, the network administrator who sent the wake-up packet to the device from a remote computer is able to remotely perform administrative and management activities on that device.
However, such a wake-up mechanism produces a new avenue by which unauthorized users can try to breach the security of the device. Before the development of wake-up packets, a device was deemed most secure when turned off. The act of turning off the device effectively disconnected the device from other devices on the network. No remote computer could use the network to communicate with that device. But now, in order to be able to detect wake-up packets, a device remains connected to the network even though the device has been locally turned off. By knowing the network address of this device and understanding the mechanics of wake-up packets, an unauthorized user could gain unchallenged access to the device. Once inside the device, the unauthorized user could then readily write and read any of the device's unprotected resources and could even attempt to break into those areas where sensitive information is stored. Thus, the mechanism exposes these devices to a new class and greater number of potential unauthorized users, i.e., the remote attacker.
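The following added example (not part of the original document) shows how a monitoring point could recognize wake-up packets and flag those sent by hosts other than the administrator's. It assumes the publicly documented Magic Packet layout, six 0xFF bytes followed by the target MAC address repeated 16 times, which this page does not itself describe; the IP addresses, MAC address, and sender allowlist are constructed for illustration.

```python
# Added example: all addresses and payloads below are constructed sample data.
SYNC = b"\xff" * 6  # synchronization stream that opens the wake-up pattern


def find_wake_target(payload: bytes):
    """Return the target MAC as 'aa:bb:..' if payload holds a wake-up pattern."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 16 * 6]
        # The pattern carries no sender identity or secret: it is valid as
        # soon as the same 6-byte address appears 16 times after the sync.
        if len(mac) == 6 and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        # Extra leading 0xFF bytes shift the real pattern; keep scanning.
        start = payload.find(SYNC, start + 1)
    return None


def audit(events, allowed_senders):
    """Return (source, target_mac) for wake-ups from senders not on the allowlist."""
    alerts = []
    for src, payload in events:
        target = find_wake_target(payload)
        if target is not None and src not in allowed_senders:
            alerts.append((src, target))
    return alerts


# Constructed sample traffic: (source IP, captured payload bytes).
SAMPLE_MAC = bytes.fromhex("001122334455")
WAKE = SYNC + SAMPLE_MAC * 16
ALLOWED = {"192.0.2.10"}  # hypothetical administrator workstation
EVENTS = [
    ("192.0.2.10", WAKE),                       # administrator: expected
    ("198.51.100.7", b"\x00\x01" + WAKE + b"pad"),  # pattern inside a larger payload
    ("198.51.100.7", SYNC + SAMPLE_MAC * 15),   # truncated: not a wake-up
    ("198.51.100.9", b"\xff" + WAKE),           # extra leading 0xFF byte
]

if __name__ == "__main__":
    for src, mac in audit(EVENTS, ALLOWED):
        print(f"unexpected wake-up for {mac} from {src}")
```

Because the pattern itself authenticates nothing, the allowlist check on the source is the only thing separating the administrator's packet from anyone else's, which is the exposure the preceding paragraph describes.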
For the foregoing reasons, there is a need for an improved method and apparatus that can remotely wake up devices operating on a network, yet avoid the problems of the aforementioned approach.